package org.apache.cxf.ws.security.wss4j;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathFactory;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.MapNamespaceContext;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.class */
public class CryptoCoverageChecker extends AbstractSoapInterceptor {
    protected List<XPathExpression> xPaths;
    protected Map<String, String> prefixMap;
    private boolean checkFaults;

    /* loaded from: input_file:org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker$XPathExpression.class */
    public static class XPathExpression {
        private final String xPath;
        private final CryptoCoverageUtil.CoverageType type;
        private final CryptoCoverageUtil.CoverageScope scope;

        public XPathExpression(String str, CryptoCoverageUtil.CoverageType coverageType) {
            this(str, coverageType, CryptoCoverageUtil.CoverageScope.ELEMENT);
        }

        public XPathExpression(String str, CryptoCoverageUtil.CoverageType coverageType, CryptoCoverageUtil.CoverageScope coverageScope) {
            if (str == null) {
                throw new NullPointerException("xPath cannot be null.");
            }
            if (coverageType == null) {
                throw new NullPointerException("type cannot be null.");
            }
            this.xPath = str;
            this.type = coverageType;
            this.scope = coverageScope;
        }

        public String getXPath() {
            return this.xPath;
        }

        public CryptoCoverageUtil.CoverageType getType() {
            return this.type;
        }

        public CryptoCoverageUtil.CoverageScope getScope() {
            return this.scope;
        }

        public boolean equals(Object obj) {
            if (!(obj instanceof XPathExpression)) {
                return false;
            }
            if (obj == this) {
                return true;
            }
            XPathExpression xPathExpression = (XPathExpression) obj;
            if (xPathExpression.getScope() != getScope() || xPathExpression.getType() != getType()) {
                return false;
            }
            if (getXPath() != null || xPathExpression.getXPath() == null) {
                return getXPath() == null || getXPath().equals(xPathExpression.getXPath());
            }
            return false;
        }

        public int hashCode() {
            int i = 17;
            if (getXPath() != null) {
                i = (31 * 17) + getXPath().hashCode();
            }
            if (getType() != null) {
                i = (31 * i) + getType().hashCode();
            }
            if (getScope() != null) {
                i = (31 * i) + getScope().hashCode();
            }
            return i;
        }
    }

    public CryptoCoverageChecker() {
        this(null, null);
    }

    public CryptoCoverageChecker(Map<String, String> map, List<XPathExpression> list) {
        super("pre-protocol");
        this.xPaths = new ArrayList();
        this.prefixMap = new HashMap();
        this.checkFaults = true;
        addAfter(WSS4JInInterceptor.class.getName());
        setPrefixes(map);
        setXPaths(list);
    }

    public void handleMessage(SoapMessage soapMessage) throws Fault {
        HashSet hashSet;
        if (this.xPaths == null || this.xPaths.isEmpty()) {
        }
        if (soapMessage.getContent(SOAPMessage.class) == null) {
            throw new SoapFault("Error obtaining SOAP document", Fault.FAULT_CODE_CLIENT);
        }
        try {
            SOAPEnvelope envelope = ((SOAPMessage) soapMessage.getContent(SOAPMessage.class)).getSOAPPart().getEnvelope();
            if (!this.checkFaults) {
                if (envelope.getBody().hasFault()) {
                    return;
                }
            }
            HashSet hashSet2 = new HashSet();
            HashSet hashSet3 = new HashSet();
            for (WSHandlerResult wSHandlerResult : CastUtils.cast((List) soapMessage.get("RECV_RESULTS"))) {
                List list = (List) wSHandlerResult.getActionResults().get(2);
                if (list != null) {
                    Iterator it = list.iterator();
                    while (it.hasNext()) {
                        List cast = CastUtils.cast((List) ((WSSecurityEngineResult) it.next()).get("data-ref-uris"));
                        if (cast != null && (cast.size() != 1 || !((WSDataRef) cast.get(0)).getName().equals(new QName("http://www.w3.org/2000/09/xmldsig#", "Signature")))) {
                            hashSet2.addAll(cast);
                        }
                    }
                }
                List list2 = (List) wSHandlerResult.getActionResults().get(4);
                if (list2 != null) {
                    Iterator it2 = list2.iterator();
                    while (it2.hasNext()) {
                        List cast2 = CastUtils.cast((List) ((WSSecurityEngineResult) it2.next()).get("data-ref-uris"));
                        if (cast2 != null) {
                            hashSet3.addAll(cast2);
                        }
                    }
                }
            }
            CryptoCoverageUtil.reconcileEncryptedSignedRefs(hashSet2, hashSet3);
            XPath newXPath = XPathFactory.newInstance().newXPath();
            if (this.prefixMap != null) {
                newXPath.setNamespaceContext(new MapNamespaceContext(this.prefixMap));
            }
            for (XPathExpression xPathExpression : this.xPaths) {
                switch (xPathExpression.getType()) {
                    case SIGNED:
                        hashSet = hashSet2;
                        break;
                    case ENCRYPTED:
                        hashSet = hashSet3;
                        break;
                    default:
                        throw new IllegalStateException("Unexpected crypto type: " + xPathExpression.getType());
                }
                try {
                    CryptoCoverageUtil.checkCoverage((Element) envelope, (Collection<WSDataRef>) hashSet, newXPath, (Collection<String>) Arrays.asList(xPathExpression.getXPath()), xPathExpression.getType(), xPathExpression.getScope());
                } catch (WSSecurityException e) {
                    throw new SoapFault("No " + xPathExpression.getType() + " element found matching XPath " + xPathExpression.getXPath(), Fault.FAULT_CODE_CLIENT);
                }
            }
        } catch (SOAPException e2) {
            throw new SoapFault("Error obtaining SOAP document", Fault.FAULT_CODE_CLIENT);
        }
    }

    public final void setXPaths(List<XPathExpression> list) {
        this.xPaths.clear();
        if (list != null) {
            this.xPaths.addAll(list);
        }
    }

    public final void addXPaths(List<XPathExpression> list) {
        if (list != null) {
            this.xPaths.addAll(list);
        }
    }

    public final void setPrefixes(Map<String, String> map) {
        this.prefixMap.clear();
        if (map != null) {
            this.prefixMap.putAll(map);
        }
    }

    public final void addPrefixes(Map<String, String> map) {
        if (map != null) {
            this.prefixMap.putAll(map);
        }
    }

    public boolean isCheckFaults() {
        return this.checkFaults;
    }

    public void setCheckFaults(boolean z) {
        this.checkFaults = z;
    }
}
